/
bucket.go
99 lines (80 loc) · 1.87 KB
/
bucket.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package bolt
import (
"crypto/cipher"
"crypto/rand"
"io"
bolt "go.etcd.io/bbolt"
)
type b struct {
*bolt.Bucket
}
type Bucket struct {
*b
aesgcm cipher.AEAD
}
func (eb *Bucket) Bucket(name []byte) *Bucket {
bb := eb.b.Bucket.Bucket(name)
if bb == nil {
return nil
}
return &Bucket{b: &b{bb}, aesgcm: eb.aesgcm}
}
func (eb *Bucket) CreateBucket(name []byte) (*Bucket, error) {
nb, err := eb.b.Bucket.CreateBucket(name)
if err != nil {
return nil, err
}
return &Bucket{b: &b{nb}, aesgcm: eb.aesgcm}, nil
}
func (eb *Bucket) CreateBucketIfNotExists(name []byte) (*Bucket, error) {
nb, err := eb.b.Bucket.CreateBucketIfNotExists(name)
if err != nil {
return nil, err
}
return &Bucket{b: &b{nb}, aesgcm: eb.aesgcm}, nil
}
func (eb *Bucket) Cursor() *Cursor {
return &Cursor{Cursor: eb.b.Bucket.Cursor(), aesgcm: eb.aesgcm}
}
const nonceLength = 12
func (eb *Bucket) Get(key []byte) []byte {
data := eb.b.Bucket.Get(key)
decrypted, err := decrypt(data, eb.aesgcm)
if err != nil {
return nil
}
return decrypted
}
func (eb *Bucket) Put(key, value []byte) error {
nonce := make([]byte, nonceLength)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return err
}
return eb.b.Bucket.Put(key, append(nonce, eb.aesgcm.Seal(nil, nonce, value, nil)...))
}
func (eb *Bucket) ForEach(fn func(k, v []byte) error) error {
return eb.b.Bucket.ForEach(func(k, v []byte) error {
// value is bucket
if v == nil {
return fn(k, v)
}
decrypted, err := decrypt(v, eb.aesgcm)
if err != nil {
return ErrDecrypt
}
return fn(k, decrypted)
})
}
func decrypt(data []byte, aesgcm cipher.AEAD) ([]byte, error) {
if len(data) < nonceLength {
return nil, ErrDecrypt
}
decrypted, err := aesgcm.Open(nil, data[:nonceLength], data[nonceLength:], nil)
if err != nil {
return nil, err
}
if decrypted == nil {
return []byte{}, nil
}
return decrypted, nil
}